Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8176)
Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. (CVE-2015-1788)
Robert Swiecki and Hanno Böck discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1789)
Michal Zalewski discovered that OpenSSL incorrectly handled missing content when parsing ASN.1-encoded PKCS#7 blobs. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1790)
Emilia Käsper discovered that OpenSSL incorrectly handled NewSessionTicket when being used by a multi-threaded client. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-1791)
Johannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. (CVE-2015-1792)
As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack.
{ "availability": "No subscription required", "binaries": [ { "libssl1.0.0-udeb-dbgsym": "1.0.1f-1ubuntu2.15", "libssl-dev": "1.0.1f-1ubuntu2.15", "libssl1.0.0": "1.0.1f-1ubuntu2.15", "libssl-doc": "1.0.1f-1ubuntu2.15", "libcrypto1.0.0-udeb-dbgsym": "1.0.1f-1ubuntu2.15", "libssl1.0.0-dbg": "1.0.1f-1ubuntu2.15", "libssl-dev-dbgsym": "1.0.1f-1ubuntu2.15", "openssl": "1.0.1f-1ubuntu2.15", "openssl-dbgsym": "1.0.1f-1ubuntu2.15", "libssl1.0.0-udeb": "1.0.1f-1ubuntu2.15", "libssl1.0.0-dbgsym": "1.0.1f-1ubuntu2.15", "libcrypto1.0.0-udeb": "1.0.1f-1ubuntu2.15" } ] }